General

  • Target

    11cd51f3230ccc9c9f2a32d3b3e419de03905c03744565dfdb9128a635b1e040

  • Size

    163KB

  • Sample

    240809-xe1dlaxhme

  • MD5

    b7ee06c38a8a6d49f3ca6988c8f273ba

  • SHA1

    918391a2a93bab6725e48e84be6300c67cb0e026

  • SHA256

    11cd51f3230ccc9c9f2a32d3b3e419de03905c03744565dfdb9128a635b1e040

  • SHA512

    937c85585839ea45e29ca64494e47b639f6b1500aa33bc78a180f3dedda0e1c489c013f53f0c260e9a5fd9082ce5954027012ce69dcc3c7d4138cdbb0fc10eca

  • SSDEEP

    1536:P5jaE7UVxyvcceoYjnKYEF/HGCrJdWfuWWqhzx/s+RlProNVU4qNVUrk/9QbfBrN:DDEBE1HGCrWXF/s+RltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
